this post was submitted on 07 Apr 2025
48 points (96.2% liked)
Selfhosted
60426 readers
214 users here now
A place to share alternatives to popular online services that can be self-hosted without giving up privacy or locking you into a service you don't control.
Rules:
-
Be civil.
-
No spam.
-
Posts are to be related to self-hosting.
-
Don't duplicate the full text of your blog or readme if you're providing a link.
-
Submission headline should match the article title.
-
No trolling.
-
Promotion posts require active participation, with an account that is at least 30 days old. F/LOSS without a paywall has exceptions, with requirements. See the rules link for details.
Resources:
- selfh.st Newsletter and index of selfhosted software and apps
- awesome-selfhosted software
- awesome-sysadmin resources
- Self-Hosted Podcast from Jupiter Broadcasting
Any issues on the community? Report it using the report flag.
Questions? DM the mods!
founded 3 years ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
view the rest of the comments
For simple cases you might be able to use 802.1x authentication if "trust" is the issue. This doesnt scale well as a solution on a larger network though.
Hmm, I haven't heard of that before. Could you explain?
https://en.m.wikipedia.org/wiki/IEEE_802.1X
802.1x are a set of protocols that allow port access to be locked to specific devices, which would preclude your need for multiple subnets. You would likely need a few extra physical ports on your white box router, the unmanaged switch could later become overwhelmed passing traffic in a more complicated setup, and you would still need to keep trusted and untrusted traffic separate at the gateway subnet.
Your use case is exactly why vlans were invented.
However, I suspect from your other answers that you are actually looking for an open source managed switch so your entire networking stack is auditable.
There are a few solutions like opx, but hardware supporting opx is prohibitively expensive and it is almost always cheaper to build a beige box and use Linux or get a 2nd hand supported device and use openwrt.
Ah, is that something like sticky ports?
Indeed, I would like to run a switch with a FOSS OS, and I don't see any viable way of doing that. Unfortunate, but whitebox router + switch it is then
The effect is similar to sticky ports, but sticky ports is just filtering based on Mac address, which can be spoofed.
802.11x allows traffic from a device only if they also have the correct EAP certificate.
I see. I didn't know about this. I have saved your comment, I'll come back to this in a bit